You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 10
Next »
The PSD2 service provides support for a set of non-standard scopes and claims that are associated with various use-cases under PSD2, including both PISP-scenarios and AISP-scenarios. The set of PSD2-specific scopes and claims is described in the following section, followed by a description of consent handling for each of the supported use-cases. The corresponding set of tailored access tokens is the described.
The following table summarizes how the PSD2 service impacts relevant functions of the OIDC Provider from BankID:
Function | Impact |
---|
IDP options | Available options for the OIDC Client are determined by the PSD2 service itself |
Authorize endpoint | Support for a larger set of additional non-standard scopes and claims |
Token endpoint | Support for a variety of both by-reference and by-value access tokens |
Resource endpoint(s) | NA (beyond scope) |
Please note the following important characteristics of the PSD2 service:
- It restricts the set of IDP options that are available to the OIDC client for each of the supported use-cases.
- It does not include the implementation of any resource endpoint
The PSD2 service is meant for integration by ASPSP, which under PSD2 can dictate which IDP options to make avilable for each of the supported use-case. Each ASPSP must in turn implement the relevant resource endpoints as part of the specific data API that the ASPSP offers to the marked under PDS2.
Scopes and claims
TBC
Consent handling
TBD
Characteristics of Access Tokens
TBC